Skill v1.0.1

ClawScan security

Ashare Fast Watcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 14, 2026, 7:21 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill generally matches its stated purpose (watching A‑Share data) but contains several inconsistencies and minor risks — notably a mismatch between the SKILL.md actions and the included code, an undeclared macOS-only notification path that invokes the shell, and missing dependency/install instructions.
Guidance
What to check before installing/running:
1) Confirm the author/source; repository metadata and homepage are missing.
2) Ask the publisher to explain how the SKILL.md actions (get_market_snapshot, check_volatility) map to the included scripts; the mismatch could be sloppy packaging.
3) Run the code in an isolated environment (container/VM), because daemon.py runs an infinite loop and calls os.system to execute osascript (macOS).
4) If you will use the notification feature, review/adjust notify_mac to avoid shell invocation, or at least escape single quotes properly (the current code only replaces double quotes).
5) Install and audit the required Python packages (requests, akshare, pandas); requirements.txt is empty, so the dependencies are undeclared.
6) If you need cross-platform behavior, note the macOS-only notifier and either disable it or add an OS check.
If you cannot verify the author or fix the above inconsistencies, treat the skill as untrusted and avoid running it on production systems or systems with sensitive data.
Findings
[no-findings] expected: Static pre-scan reported no regex hits. This is not proof of safety. The code does perform os.system calls and imports third-party libs (requests, akshare) which the scanner did not flag but are relevant to runtime behavior.

Review Dimensions

Purpose & Capability
note: The code queries the Tencent qt.gtimg.cn API and performs bond/ETF scanning (consistent with a market watcher). However, the SKILL.md declares actions named get_market_snapshot and check_volatility that do not map directly to the functions in index.py/daemon.py/radar.py (those files implement analyze_bond_linkage, analyze_etf_premium, a long-running daemon, and akshare scans). Also, the daemon implements a macOS-only notifier (osascript), but the skill metadata does not declare an OS restriction.
Instruction Scope
concern: SKILL.md provides only two high-level actions, but the repository contains runnable scripts (a perpetual daemon, an index analyzer, and akshare scanners). daemon.py uses os.system to call osascript for notifications (executing shell commands), building the command from remote data with only limited escaping; this creates a potential command/argument injection vector if untrusted strings are used. The code also performs network calls to external APIs (expected), but SKILL.md does not document how the agent will invoke these scripts or map the declared actions to the code entrypoints.
Install Mechanism
note: There is no install spec (instruction-only), but the code imports third-party packages (requests, akshare, pandas). requirements.txt is empty, so the required dependencies are not declared; this is inconsistent and will cause runtime failures unless the environment already has these packages. No remote downloads or installers are present (low install risk), but the missing dependency declarations are a usability/integrity issue.
Credentials
ok: The skill requests no environment variables, credentials, or config paths, which is appropriate for a read-only market watcher that calls public APIs. No unrelated secrets are requested.
Persistence & Privilege
note: The skill is not forced-always and allows model invocation (defaults). It does include a long-running daemon script (daemon.py) that loops indefinitely when executed; that is normal for a watcher, but the SKILL.md does not explain the runtime model (whether the agent should run the daemon). The macOS notifier and the infinite loop are behaviors to be aware of before running.